Thought Questions

1. An attacker breaks into a corporate database and deletes critical files. What security goal is this attack focused on?

2. How can detective countermeasures act as preventive countermeasures?

3. (a) If you accidentally find someone’s password and use it to get into a system, is this hacking? Explain. (b) Someone sends you a “game.” When you run it, it logs you into an IRS server. Is this hacking? Explain. (c) Could you be prosecuted for doing this? (d) You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone else’s files. You spend just a few minutes looking around. Is this hacking? Explain.

6. Why do you think DDoS attackers use zombies to attack victims instead of sending attack packets directly to victims? Come up with two reasons. 

9. A competitor goes to your public website and discovers that they can get into a directory that you did not know could be reached. There, they find a list of customers and use the list to their advantage. Have they hacked your webserver? What problem may you encounter in suing them for the theft of trade secrets?

Boyle, Randall J; Panko, Raymond R.. Corporate Computer Security (2-downloads) (p. 50). Pearson Education. Kindle Edition.

1. List the 12 PCI-DSS control objectives. You will have to look this up on the Internet.

3. A company has a resource XYZ. If there is a breach of security, the company may face a fine of $100,000 and pay another $20,000 to clean up the breach. The company believes that an attack is likely to be successful about once in five years. A proposed countermeasure should cut the frequency of occurrence in half. How much should the company be willing to pay for the countermeasure?

Boyle, Randall J; Panko, Raymond R.. Corporate Computer Security (2-downloads) (p. 117). Pearson Education. Kindle Edition.

1. The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today, a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.)

2. Longer keys are more difficult to crack. Most symmetric keys today are 100–300 bits long. Why don’t systems use far longer symmetric keys—say, 1,000-bit keys?

3. Brute force is used to crack a 100-bit key. The key is cracked in only 5,000 tries. How can this be?

Boyle, Randall J; Panko, Raymond R.. Corporate Computer Security (2-downloads) (p. 178). Pearson Education. Kindle Edition.
